Toros Workshop LLC d/b/a Toros Laboratories operates the Chiru app and chiru.io. We are a data controller under GDPR. For privacy questions: privacy@chiru.io
Account data: email address, display name, content niche (optional).
Platform tokens: OAuth tokens for connected platforms — encrypted with AES-256-GCM before storage.
Post data: captions, hashtags, scheduling preferences, publishing settings.
Analytics: views, likes, shares, watch time pulled from platform APIs for your published posts.
Usage data: features used, screens visited, session duration, errors (via Sentry).
We never collect: your video files, your full IP address (only 2 octets stored), full device/browser information, GPS location, or biometric data.
To provide the Service, process payments, send transactional emails, improve the product, ensure security, and comply with legal obligations. We do not use your data for advertising or sell it to any third party.
We share data only to operate the Service: with Supabase (database), Cloudflare (CDN), Stripe/Paddle (payments), Resend (email), and Sentry (error monitoring). All processors are bound by data processing agreements.
We never sell, license, or share your data with advertisers, data brokers, or external parties for commercial purposes.
Account data: duration of account + 90 days after deletion. OAuth tokens: until platform is disconnected. Payment records: 7 years (legal requirement). Product analytics: anonymized after 90 days, deleted after 1 year. Retention is enforced automatically in code nightly.
You have the right to access, correct, delete, and export your data. Use these in-app: Profile → Settings → Download My Data or Delete Account. Or email privacy@chiru.io. We respond within 30 days.
EU/UK users have additional GDPR rights including objection and restriction. California users have CCPA rights. Brazilian users have LGPD rights. See our full policy at chiru.io/privacy for jurisdiction-specific details.
Chiru is not directed to children under 13. We do not knowingly collect data from children under 13. Contact privacy@chiru.io if you believe a child has created an account.
OAuth tokens encrypted at rest (AES-256-GCM). All data in transit uses TLS 1.2+. Row-level security enforced at the database layer. No full IP addresses stored. No behavioral advertising SDKs.
We will notify you 14 days before material changes via email and in-app notification.
Toros Workshop LLC d/b/a Toros Laboratories · North Carolina, United States
Privacy: privacy@chiru.io